I have a server and a client that are sending binary data inside custom structured TCP/UDP packets (a pretty standard scenario, I'm sure). In order to validate the data, I would like to use Wireshark to check that the packet structure and contents are correct, but I want to avoid the current necessity of (for example) finding the 16th-19th bytes in packetX and converting that 32-bit float to a decimal, or scrolling down to the 2314th byte in packetY to see whether that byte being 03 or 04 is what's causing the bug, etc.
I know Wireshark has built-in decoders for a huge variety of common protocols (e.g. HTTP), but what is the best way forward for analyzing custom byte packets (including variable-length ones)? The packets I am looking at all have a header with a magic start, length, name, and a magic end.
A Lua dissector looks like the right tool, but before I jump into it, I want to see what others might recommend or suggest.
/edit: Real-time is preferred. I am not looking to capture and analyze later, so if I am using Wireshark, I want to see the dissected packets as they come in, and even filter by packet names I have pre-defined in my Lua (if this is possible?)
asked 19 Nov '14, 18:31
edited 19 Nov '14, 18:37
A Lua dissector is one option. Please see the docs and samples to get started.
Another option is the Wireshark generic dissector (third-party add-on).
answered 20 Nov '14, 01:33
Kurt Knochner ♦
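As an added illustration of the Lua route (this is example code written for this page, not code from the answer above or from the Wireshark project), here is a complete dissector for a frame of the shape the question describes: magic start, length, name, payload, magic end. The exact layout, the magic values, the name width, the port number and the "TELEM" payload decode are all assumptions made for the example; change them to match the real protocol. It handles variable-length frames, several frames in one segment or datagram, frames split across TCP segments (via desegmentation), and flags bad magic or implausible lengths with expert info instead of decoding garbage.

```lua
-- custom.lua: example Wireshark dissector for a hypothetical framed protocol.
-- Assumed frame layout (big-endian; NOT from the original post):
--   0..3    magic start  0xDEADBEEF
--   4..7    length       uint32, total frame length incl. header and trailer
--   8..15   name         8 bytes ASCII, NUL padded (e.g. "TELEM")
--   16..    payload      length - 20 bytes
--   last 4  magic end    0xBEEFDEAD
local MAGIC_START = 0xDEADBEEF
local MAGIC_END   = 0xBEEFDEAD
local HDR_LEN     = 16
local TRAILER_LEN = 4
local MAX_FRAME   = 65535   -- sanity bound on the length field (assumed)
local PORT        = 5555    -- assumed port for both TCP and UDP

local custom = Proto("custom", "Custom Framed Protocol (example)")

local f_magic_start = ProtoField.uint32("custom.magic_start", "Magic start", base.HEX)
local f_length      = ProtoField.uint32("custom.length", "Length", base.DEC)
local f_name        = ProtoField.string("custom.name", "Name")
local f_payload     = ProtoField.bytes("custom.payload", "Payload")
local f_value       = ProtoField.float("custom.value", "Value (float32)")
local f_status      = ProtoField.uint8("custom.status", "Status", base.HEX)
local f_magic_end   = ProtoField.uint32("custom.magic_end", "Magic end", base.HEX)
custom.fields = { f_magic_start, f_length, f_name, f_payload, f_value, f_status, f_magic_end }

-- Expert items so malformed frames are flagged rather than silently misdecoded.
local ef_bad_magic = ProtoExpert.new("custom.bad_magic", "Bad magic value",
                                     expert.group.MALFORMED, expert.severity.ERROR)
local ef_bad_len   = ProtoExpert.new("custom.bad_length", "Implausible length field",
                                     expert.group.MALFORMED, expert.severity.ERROR)
custom.experts = { ef_bad_magic, ef_bad_len }

-- Dissect one frame at `offset`. Returns bytes consumed, 0 on a hard error,
-- or a negative number meaning "I need that many more bytes" (TCP reassembly).
local function dissect_one(buf, root, offset, names)
  local avail = buf:len() - offset
  if avail < HDR_LEN then return -DESEGMENT_ONE_MORE_SEGMENT end

  if buf(offset, 4):uint() ~= MAGIC_START then
    root:add(custom, buf(offset, avail)):add_proto_expert_info(ef_bad_magic)
    return 0
  end
  local length = buf(offset + 4, 4):uint()
  if length < HDR_LEN + TRAILER_LEN or length > MAX_FRAME then
    root:add(custom, buf(offset, avail)):add_proto_expert_info(ef_bad_len)
    return 0
  end
  if avail < length then return -(length - avail) end

  local tree = root:add(custom, buf(offset, length))
  tree:add(f_magic_start, buf(offset, 4))
  tree:add(f_length, buf(offset + 4, 4))
  tree:add(f_name, buf(offset + 8, 8))
  -- Strip NUL padding from the name (plain find works on every Lua version).
  local raw = buf(offset + 8, 8):string()
  local nul = raw:find("\0", 1, true)
  local name = nul and raw:sub(1, nul - 1) or raw
  names[#names + 1] = name

  local payload_len = length - HDR_LEN - TRAILER_LEN
  local payload = buf(offset + HDR_LEN, payload_len)
  local ptree = tree:add(f_payload, payload)
  -- Assumed per-name payload layout: "TELEM" carries a float32 at frame
  -- bytes 16..19 and a status byte at 20, the kind of fields the question
  -- was decoding by hand.
  if name == "TELEM" and payload_len >= 5 then
    ptree:add(f_value, payload(0, 4))     -- big-endian; use add_le for LE
    ptree:add(f_status, payload(4, 1))
  end

  local tail = buf(offset + length - TRAILER_LEN, TRAILER_LEN)
  local ti = tree:add(f_magic_end, tail)
  if tail:uint() ~= MAGIC_END then ti:add_proto_expert_info(ef_bad_magic) end
  return length
end

function custom.dissector(buf, pinfo, root)
  pinfo.cols.protocol = "CUSTOM"
  local offset, names = 0, {}
  while offset < buf:len() do
    local n = dissect_one(buf, root, offset, names)
    if n == 0 then break end
    if n < 0 then
      -- Ask TCP to deliver the rest of this frame before we decode it.
      pinfo.desegment_offset = offset
      pinfo.desegment_len = -n
      return buf:len()
    end
    offset = offset + n
  end
  if #names > 0 then pinfo.cols.info = table.concat(names, ", ") end
  return offset
end

DissectorTable.get("tcp.port"):add(PORT, custom)
DissectorTable.get("udp.port"):add(PORT, custom)
```

Load it for a live capture with `wireshark -X lua_script:custom.lua -i <iface> -k` (or drop it in the personal plugins directory); frames are dissected as they arrive. Because the name is registered as a named field, the filter the question asks for is just `custom.name == "TELEM"`, and `custom.value > 100` or `custom.status == 0x04` work the same way, which replaces counting bytes by hand. The desegmentation part only matters on TCP; on UDP each datagram is dissected on its own and a truncated frame is simply flagged.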